Hi,
Willy Tarreau <w...@1wt.eu> wrote:
> On Wed, May 13, 2009 at 11:50:07AM +0200, Maik Broemme wrote:
>
> I don't get you. You mean that simply omitting the "if" between "reject" and
> "cond" is not returned as an error, that's it ? If so, yes I agree that it
> would be better that it yells here. Since I copy-pasted the parser from other
> rules (use_backend, block, redirect, ...) the same problem should be present
> everywhere.
>
Yes exactly, if the "if" word is missing the result is non-working.
Nothing more and nothing less.
> OK, so it's clearly a matter of not reporting that an unknown word is
> present where only {empty, "if", "unless") are accepted. I'll look into
> that.
>
Many thanks.
> BTW, you can simplify your rules by using two things :
>
> either you make only one ACL :
> acl localnet dst 192.168.0.0/16 172.16.0.0/12 10.0.0.0/8
> tcp-request content reject if localnet
>
> or you can keep your 3 ACLs but group them into one rule :
>
> acl localnet-1 dst 192.168.0.0/16
> acl localnet-2 dst 172.16.0.0/12
> acl localnet-3 dst 10.0.0.0/8
> tcp-request content reject if localnet-1 or localnet-2 or localnet-3
>
Many thanks too, didn't know that it is working so too.
> Regards,
> Willy
>
--Maik
